Vulnerable smart contract function locating based on Multi-Relational Nested Graph Convolutional Network

Haiyang Liu, Yuqi Fan, Lin Feng, Zhenchun Wei
DOI: https://doi.org/10.1016/j.jss.2023.111775
IF: 3.5
2023-06-11
Journal of Systems and Software
Abstract: The immutable and trustable characteristics of blockchain enable smart contracts to be applied in various fields. Unfortunately, smart contracts are subject to various vulnerabilities, which are frequently exploited by attackers, causing financial damage to users. Therefore, it is extremely important to perform effective vulnerability detection and locating to ensure the security of smart contracts. Deep learning has shown great advantages in smart contract vulnerability detection due to its powerful end-to-end feature learning. The previous deep learning-based approaches to smart contract vulnerability detection focus on identifying whether there are vulnerabilities in a smart contract. However, this kind of detection cannot achieve fine-grained vulnerability detection, i.e., locating which function in the smart contract is vulnerable. In this paper, we study the problem of vulnerable smart contract function locating. We construct a novel Multi-Relational Nested contract Graph (MRNG) to better characterize the rich syntactic and semantic information in the smart contract code, including the relationships between data and instructions. An MRNG represents a smart contract, where each node represents a function in the smart contract and each edge describes the calling relationship between the functions. In addition, we create a Multi-Relational Function Graph (MRFG) for each function, which characterizes the corresponding function code. Accordingly, each node in the MRNG is an MRFG. Each MRFG uses different types of edges to represent the different control and data relationships between nodes within a function. We also propose a Multi-Relational Nested Graph Convolutional Network (MRN-GCN) to process the MRNG. MRN-GCN first extracts and aggregates features from each MRFG, using the edge-enhanced graph convolution network and self-attention mechanism. The extracted feature vector is then assigned to the corresponding node in the MRNG to obtain a new Featured Contract Graph (FCG) for the smart contract. Graph convolution is used to further extract features from the FCG. Finally, a feed forward network with a Sigmoid function is used to locate the vulnerable functions. Experimental results on the real-world smart contract datasets show that the MRN-GCN model can effectively improve the accuracy, precision, recall and F1-score performance of vulnerable smart contract function locating.
computer science, theory & methods, software engineering